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WHAT IS CLAIMED: 

1 . A method for updating and maintaining current operating information on a 
processor-based target device, the method comprising the steps of: 

discovering current operating information associated with the target device; 

comparing the current operating information associated with the target 
device with updated operating information retrievable from a database; 

identifying at least one patch applicable to the discovered current operating 
information associated with the target device; 

determining if the at least one identified patch has been applied on the target device 
and, if necessary, applying the at least one identified patch on the target device; and 

entering an updated patch status of the target device in the database. 

2. The method of claim 1 , wherein the current operating information of the target 
device includes at least one of a group comprised of: 

(a) an identity and version level of at least one software application program currently 
residing on the target device; 

(b) an identity and version level of at least one operating system residing on the target 

device; 

(c) an identity and version level of at least one hardware device residing on the target 
device; and 

(d) an identity and version level of at least one firmware program residing on the 
target device. 

3. The method of claim 1 , further comprising the steps of: 

querying the database to determine a patch status of the target device; and 
identifying gaps in patch coverage for the target device. 

4. The method of claim 1 , wherein the target device is in communication with a 

server. 

5. The method of claim 1 . wherein the discovering step includes a plurality of target 
devices. 

6. The method of claim 5, wherein the plurality of target devices include a plurality 
of mobile devices. 
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7. The method of claim 1 further comprising a computer readable medium having 
stored therein instructions for causing a processor to execute the steps of the method. 

8. The method of claim 1 wherein the at least one identified patch includes two 
components comprising a state file for importing into the database and a manifest file used by 
a target agent on the target device that provides policy information and security information 
for the at least one identified patch. 

9. The method of claim 8 wherein the state file comprises patch information, detailed 
information about patch components and patch target information from a patch authority and 
wherein the manifest file includes patch target information from a patch authority, 
prerequisite and superceded path information, a plurality of indicators used to determine if a 
patch is properly installed and information on how to apply a patch. 

10. A method for updating and maintaining current operating information on a 
processor-based target device, the method comprising the steps of: 

discovering current operating information associated with the target device; 
transferring the current operating information associated with the target device to a 
second device; 

comparing the current operating information associated with the target device with 
updated operating information retrievable from a database by the second device; 

identifying at least one patch applicable to the current operating information 
associated with the target device; 

forwarding the at least one identified patch from the second device to the target 

device; 

determining if the at least one identified patch has been applied on the target device 
and, if necessary, applying the at least one identified patch on the target device; 
generating an updated patch status on the target device; 
sending the updated patch status to the second device; and 

using the second device to enter the updated patch status of the target device in the 
database. 

1 1 . The method of claim 10 further comprising a computer readable medium having 
stored therein instructions for causing a processor to execute the steps of the method. 

12. The method of claim 10, wherein the second device is a server. 
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13. The method of claim 10 wherein the current operating information of the target 
device includes at least one of the group comprised of: 

(a) an identity and version level of at least one software application program currently 
residing on the target device; 

(b) an identity and version level of at least one operating system residing on the target 

device; 

(c) an identity and version level of at least one hardware device residing on the target 
device; and 

(d) an identity and version level of at least one firmware program residing on the 
target device. 

14. The method of claim 1 0, further comprising the steps of: 
querying the database to determine a patch status of the target device; and 
identifying gaps in patch coverage for the target device. 

1 5. The method of claim 1 0, wherein the discovering step includes multiple target 
devices. 

1 6. The method of claim 1 0, wherein the determining step is performed by a target 
agent residing on the target device. 

17. A system for updating and maintaining current operating information on a 
processor-based target device, the system comprised of: 

means for discovering current operating information associated with the target device; 

means for transferring the current operating information associated with the target 
device to a second device; 

means for comparing the current operating information associated with the target 
device with updated operating information retrievable from a database by the second device; 

means for identifying at least one patch applicable to the current operating 
information associated with the target device; 

means for forwarding the at least one patch from the second device to the target 

device; 

means for determining if the at least one patch has been applied on the target device 
and, if necessary, applying the at least one patch on the target device; 

means for generating an updated patch status on the target device; 

means for sending the updated patch status to the second device; and 

means for using the second device to enter the updated patch status of the target 
device in the database. 
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1 8. A system for updating and maintaining current operating information on a 
processor-based target device, the system comprised of: 

at least one target device configured to receive a patch; and 

a second device configured to perform a database look-up to identify at least one 
patch applicable to the at least one target device, the second device capable of sending to the 
at least one target device a list of the at least one patch applicable to the at least one target 
device and receiving from the at least one target device an updated message regarding the 
patch status of the at least one target device. 

19. The system of claim 1 8, wherein the second device is a server. 

20. The system of claim 1 8, further comprised of: 

a target agent residing in the at least one target device, the target agent capable of: 
receiving the list of the at least one patch applicable to the at least one target device; 
determining whether the at least one patch has been applied to the at least one target 

device; 

generating a patch status for the at least one target device; and 
sending the patch status to the second device. 

2 1 . The system of claim 1 9, further comprising of an administrator capable of 
querying the database to determine a patch status of the at least one target device. 

22. The system of clam 21 , wherein the administrator can query the database when 
the target device is not in communication with the second device. 

23. A method for updating and maintaining current operating information on a 
processor-based target device, the method comprised of: 

discovering current operating information associated with a target device; 

comparing the current operating information against a desired state of information, for 
the target device to determine, based on policy data associated with the target device, whether 
at least one patch needs to be applied to the target device; 

transferring the desired state of information to the target device; 

having a target agent compare the desired state of information to the current operating 
information in order to identify if at least one patch should be applied to the target device; 

sending a patch list from the target agent to a second device requesting at least one 
patch that should be applied to the target device; 

forwarding the at least one patch from the second device to the target device; and 
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applying the at least one patch to the target device. 

24. The method of claim 23, wherein the second device is a server. 

25. The method of claim 23, wherein the comparing step is performed using a 
differencing method. 

26. The method of claim 23, wherein the at least one patch that the policy data 
indicates should be applied to the target device is sent to the target device without a request 
from the target agent. 

27. The method of claim 26, wherein the policy data includes qualitative information 
about each patch. 

28. The method of claim 27, wherein an administrator determines, based on the 
qualitative information, whether a patch should be applied on the target device. 

29. The method of claim 28, wherein the determination of the administrator is 
included in the policy data. 

30. A data processing system for updating and maintaining current operating 
information on a processor-based target device, the data processing system comprised of a 
component for: 

discovering current operating information associated with the target device; 

comparing the current operating information associated with the target device with 
updated operating information retrievable from a database; 

identifying at least one patch applicable to the current operating information 
associated with the target device; 

determining if the at least one patch has been applied on the target device and, if 
necessary, applying the at least one patch on the target device; and 

entering an updated patch status of the target device in the database. 

3 1 . The data processing system of claim 30, wherein the target device is in 
communication with a second device. 

32. The data processing system of claim 30, wherein the second device is a server. 
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33. A computer readable medium having computer executable instructions for 
performing a method comprising: 

discovering current operating information associated with the target device; 

comparing the current operating information associated with the target device with 
updated operating information retrievable from a database: 

identifying at least one patch applicable to the current operating information 
associated with the target device; 

determining if the at least one patch has been applied on the target device and, if 
necessary, applying the at least one patch on the target device; and 

entering an updated patch status of the target device in the database. 

34. The computer readable medium of claim 33, having computer executable 
instructions for performing a method further comprising: 

transferring the current operating information associated with the target device to a 
second device; 

forwarding the at least one patch from the second device to the target device; 
generating an updated patch status on the target device; 
sending the updated patch status to the second device; and 

using the second device to enter the updated patch status of the target device in the 
database. 

35. A method for managing patches for software, comprising: 
automatically acquiring a plurality of patches from a plurality of vendors for a 

plurality of software products; 

automatically discovering current operating information associated with a plurality of 
target devices; 

automatically completing a vulnerability assessment for the acquired plurality of 
patches using the discovered current operating information associated with the plurality of 
target devices; 

automatically completing an impact analysis for applying the acquired plurality of 
patches to the discovered current operating information for the plurality of target devices; 

automatically deploying the plurality of patches to the plurality of target devices 
based on policy-based information, wherein the policy-based information includes in-part, 
information from the vulnerability assessment and the impact analysis; and 

automatically installing the deployed plurality of patches on the plurality of target 
devices. 
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36. The method claim 35 further comprising a computer readable medium having 
stored therein instructions for causing a processor to execute the steps of the method. 

37. The method of claim 35 wherein the step of automatically completing a 
vulnerability analysis includes automatically completing a patch gap analysis to determine 
where components of the operating information may be vulnerable to applying a patch and 
identifies which new patches may be required based on the discovered current operating 
information. 

38. The method of claim 35 wherein the step of automatically completing an impact 
analysis includes automatically completing a conflict analysis to determine what new patches 
may be need and how the new patches may conflict with old patches already applied to the 
target device. 

39. The method of claim 35 further comprising automatically verifying application of 
the deployed plurality of patches on the plurality of target devices. 

40. The method of claim 35 further comprising automatically performing quality 
assurance operations on the plurality of target devices to provide a desired level of quality for 
application of the deployed plurality of patches on the plurality of target devices. 
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